Berkman Center for Internet & Society.
Welcome
Registration
Discussion
Resources

 

Module 1: Introduction
Module 2: Online Data Collection
Module 3: Monitoring Employees
Module 4: Governmental Collection of Data
Module 5: The Total Information Awareness Program
Module 6: Comparative Approaches (the EU)
Module 7: Self-Help, Free Software, Cryptography

Harvard Law School > Berkman Center > Open Education > Cyberprivacy > Self-Help > Cryptography > Survey of Issues >

PRIVACY IN CYBERSPACE

A Survey of Issues Surrounding Encryption

Modern encryption, as we have just discussed, is achieved with algorithms that use keys to encrypt and decrypt messages by turning text or other data into digital code and then by restoring it to its original form. The length of the key determines the code’s security level -- the longer the key, the more secure the code. To decipher an encrypted message without access to a key, a person would need to try every possible key. Computer keys are made of bits of information, binary units of information that can have the value of 0 or 1. Therefore, an 8-bit long key has 256 (28) possible values. A 56-bit key creates 72 quadrillion (72,000,000,000,000,000) possible combinations. Without the key to crack a 56-bit encrypted message, a person would have to resort to the so-called brute-force method to decrypt the message -- i.e., try out every single one of the 72 quadrillion possible combinations. If the key is 128 bits long, attempting to crack the code without the key would be 4.7 sextillion (4,700,000,000,000,000,000,000) times more difficult than cracking a 56-bit key (which itself has 72 quadrillion possible combinations)! Given the current power of computers, experts consider that a 56-bit key could be cracked by using the brute-force method in 10 million hours of computer time (14,000 computers used around the clock for 4 months).[12] However, a 128-bit key is not considered crackable.[13] Until 1996, the U.S. government considered anything stronger than a 40-bit encryption to be a “munition” -- hence, the export of any piece of information with that level of encryption was illegal.[14] Since then, the government has relaxed its standards and allows the export of 56-bit encryption, with some restrictions.[15] 128-bit encryption has now emerged as the standard of illegality.[16]

The government’s restrictions on 128-bit encryption, however, has led to opposition from many corners, including software companies that are worried that restrictions will impede the growth of Internet commerce and organizations, such as the ACLU, that are concerned that the restrictions will intrude on individuals’ privacy rights.[17] In response, the government, led by the Department of Justice (DOJ) and Federal Bureau of Investigations (FBI) argue that unbreakable encryption will destroy law enforcement officials’ ability to fight crime and prevent terrorism, and will ultimately endanger national security.[18] How to balance these competing interests is an issue that is still perplexing policymakers and legislators. In the following sections, we will lay down the main points that these competing groups have put forth.

Next: Arguments for Restrictions on Cryptography--Law Enforcement...

 
Please send inquiries to bold@cyber.law.harvard.edu

Welcome | Registration | Discussion | Resources |
The Berkman Center for Internet & Society